Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 23 Jun 2014 14:23:52 +0200
From: Hanno Böck <hanno@...eck.de>
To: oss-sec <oss-security@...ts.openwall.com>
Cc: cve-assign@...re.org
Subject: CVE request: piwigo before 2.6.3 sql injection

The Piwigo image gallery contains an sql injection before versions
2.6.3 and 2.7.0_beta2


Upstream bug:
http://piwigo.org/bugs/view.php?id=3089

commit:
http://piwigo.org/dev/changeset/28678

release notes:
http://piwigo.org/forum/viewtopic.php?id=24009

Please assign a CVE.

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: BBB51E42

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ